Logfile of HijackThis v1.99.1
Scan saved at 18:03:22, on 2006-11-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\KAV2007\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\KAV2007\KPfwSvc.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\KAV2007\KAVStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\KAV2007\KPFW32.EXE
C:\KAV2007\KMailMon.EXE
C:\DOCUME~1\ADMINI~1.BBS\LOCALS~1\Temp\Rar$EX00.593\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 221.130.176.199 www.chenshijituan.com
O1 - Hosts: 222.208.183.246 www.realwinxp.com
O1 - Hosts: 61.152.90.31 www.chenshijituan.com
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - E:\网络相关\WEB迅雷\WebThunderBHO_015.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\QQ2005\beat3珊瑚虫\QQIEHelper.dll
O2 - BHO: KAVAntiFishing - {55302805-482E-470E-8A57-6795A1487F90} - C:\KAV2007\KAVAFish.DLL
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\网络相关\KuGoo\KuGoo3DownXControl.ocx
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - (no file)
O3 - Toolbar: (no name) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KavStart] "C:\KAV2007\KAVStart.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2007\KPFW32.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - E:\网络相关\迅雷\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\网络相关\迅雷\Program\GetAllUrl.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\网络相关\KuGoo\KuGoo3DownX.htm
O8 - Extra context menu item: 使用Web迅雷下载 - E:\网络相关\WEB迅雷\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - E:\网络相关\WEB迅雷\GetAllUrl.htm
O8 - Extra context menu item: 使用影音传送带下载 - E:\网络相关\电影下载\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - E:\网络相关\电影下载\NTAddList.html
O8 - Extra context menu item: 使用网络传送带下载 - E:\网络相关\电影下载\NXAddLink.html
O8 - Extra context menu item: 使用网络传送带下载全部链接 - E:\网络相关\电影下载\NXAddList.html
O8 - Extra context menu item: 使用网际快车下载 - E:\网络相关\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\网络相关\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 用比特精灵下载(&B) - E:\网络相关\BitSpirit\bsurl.htm
O8 - Extra context menu item: 金山毒霸反钓鱼... - C:\KAV2007\KAF\ShowSet.htm
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ2005\beat3珊瑚虫\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ2005\beat3珊瑚虫\QQ.EXE
O9 - Extra button: 精彩游戏 - {D1EDDE84-E67E-4ccd-B28E-73AD3B71A7C9} - http://bars.duole8.com/ (file missing)
O9 - Extra 'Tools' menuitem: 精彩游戏 - {D1EDDE84-E67E-4ccd-B28E-73AD3B71A7C9} - http://bars.duole8.com/ (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\QQ2005\beat3珊瑚虫\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\QQ2005\beat3珊瑚虫\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hz0752.net
O16 - DPF: {322BE28C-1930-45DE-82F7-36F60F6520DD} (LauncherCtrl Class) - http://www.yule.tv/soft/VPlayer.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl
Object) - https://password.qq.com/download/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{298573A7-070D-4FAE-BD5C-C1464D785E7F}: NameServer = 202.103.224.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE7C0B5-8638-4BCD-B846-736DEAC264B1}: NameServer = 202.103.224.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {0EB00690-8FA1-11D3-96C7-829E3EA50C29} - C:\WINDOWS\system32\IeFilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Transaction Provisioning Service (145_sf) - Unknown owner - C:\WINDOWS\system32\winvclsv.exe
O23 - Service: Remote Provisioning Procedure Call (RPC) Locator (b_009900) - Unknown owner - C:\WINDOWS\system32\winvclsv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2007\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2007\KWatch.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
刚才整理工具的时候突然发现盘里多了几个我没下过的压缩包,而且是今天下午4点多下载的,那时我正在上课,机子在挂着杀毒,估计那时侯已经杀完自动关机了,但是不懂怎么会多了几个压缩包。。。。。。
。。。。是不是被人给黑了~?
查看了一下发现C:\WINDOWS\system32\winvclsv.exe这个东西是我没见过的,在百度搜也没发现,这是什么程序~?
